Tags: ASBNX | ASIA | ASIACURZ3 | ASIAME | ASIASTAFF | ASIASTORY | ASIATOP

China's Clock-Punching Hackers Show Spying as Routine Day Jobs

Tuesday, 27 May 2014 05:26 PM

Five Chinese men indicted for stealing thousands of e-mails and documents from U.S. companies had classic hacker nicknames. Yet one thing made them different: their clock-punching day jobs.

Known by handles including UglyGorilla, WinXYHappy and KandyGoo, they worked from 8 a.m. to 6 p.m. with scheduled two- hour lunch breaks, according to a report by online security company FireEye Inc. Rarely working on weekends, the Shanghai- based team acted more like bureaucrats than the stereotypical basement-dwelling loners working around the clock.

For about eight years, the group hacked into U.S. companies including Alcoa Inc., United States Steel Corp. and Westinghouse Electric Co. to steal “sensitive, internal communications,” the Department of Justice alleges. The hackers, all officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army, logged standard Chinese hours, rarely worked overtime and almost never stayed past midnight, according to FireEye research.

“They do treat it like a business. It’s not something that they treat like a hobby,” Bryce Boland, chief technology officer for Asia-Pacific at FireEye, said by phone. “They’re doing what they think of to be their job.”

The Justice Department charged Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui with economic espionage linked to computer hacking of American nuclear power, metals and solar companies.

The indictment, which was unsealed May 19, represents the first charges against a state actor for that type of hacking, U.S. Attorney General Eric Holder said.

The Chinese government rejected the charges as “absurd.”

Mandiant, a cybersecurity provider bought by FireEye in January, tracked connections made by members of Unit 61398 to the remote servers they used to hack into target networks.

The research showed a spike in logins at 8 a.m. and again at 2 p.m., when Chinese workers finish their lunch break. About 75 percent of connections took place between 8 a.m. and midday or from 2 p.m. to 6 p.m., FireEye said in a blog post.

About 98 percent of logins took place on weekdays and 1.2 percent occurred in the period between midnight and 7 a.m. China time, FireEye said.

Mandiant first identified a Chinese hacking group it called APT1 in February last year, saying it attacked at least 141 companies globally since 2006. The company’s data matches that of the Justice Department.

“These data sets show that APT1 is either operating in China during normal Chinese business hours or that APT1 is intentionally going to painstaking lengths to look like they are,” FireEye said.

The military hacking team, which probably numbers in the hundreds, also appears to be very structured in terms of job skills and functions, Boland said.

Some members write code, creating the tools for hacking into remote networks, while others identify targets and information that is being sought, he said. Another group may be responsible for taking a more strategic role in directing proceedings, according to Boland.

At the front line are operators, the foot soldiers who use the tools and targets given to them to break into networks and collect data.

The five men identified by the U.S., with photographs, are unlikely to be the most-senior members of China’s hacking army, but instead are operators, logging on in the morning and heading home at night. The fact that the U.S. named them may be no accident.

“They are probably just cogs in a much bigger, broader program, and this is probably the first shot across the bow by the U.S.,” Boland said.

Wang Dong, also known as UglyGorilla, gained unauthorized access to at least one U.S. Steel computer in February 2010 and from there stole a virtual map -- host names and descriptions -- of more than 1,700 of the company’s computers, U.S. prosecutors allege.

In another case, the Justice Department said Sun Kailiang, who also has the moniker Jack Sun, stole proprietary technical and design specifications for piping from Westinghouse, the nuclear reactor arm of Tokyo-based Toshiba Corp.

The Chinese government denied engaging in economic espionage and warned that the charges would harm relations with the United States.

 

© Copyright 2017 Bloomberg News. All rights reserved.

 
1Like our page
2Share
Asia
ASBNX, ASIA, ASIACURZ3, ASIAME, ASIASTAFF, ASIASTORY, ASIATOP, ASIATOPZ3, ASIAX, ATECH, ATTACHMENT, BB, BBCHTO, BGOVALL, BGOVBILLGO, BGOVCODES, BGOVTECH, BIZNEWS, BNALL, BNCOPY, BNMELBOUR, BNSTAFF, BNTEAMS, BONDWIRES, BRIC, BUSINESS, CEN, CHDEF, CHGOV, CHINA, CMDGLOMAC, CMDKEY, CNCURZ6, CNTOP, CNTOPZ6, COS, CPR, CREDITKEY, DEBTKEY, EM, EQUITYKEY, ESG, ESGALTNRG, ESGENV, ESGNRG, ESGRES, ESGSOLAR, EXE, FIALL, FIASST, FINNEWS, FXKEY, G10MEMB, G7MEMB, GEN, GLOBALMACR, GOV, GOWEB, HCX, HLNOVEL, HLNOVELTY9, INDUSTRIES, INTERNET, ITSECURE, JAPAN, JNCURZ6, JNTOP, JNTOPZ6, JUS, MAJOR, MELBNX, METALKEY, MISC, MSCIDVAS, MSCIEMAS, MSCINAMER, MSCIWORLD, NASCURZ4, NASIA, NASTOP, NASTOPZ4, NORTHAM, NOVEL, NOVELTY7, NRGKEY, OILKEY, ONWEB, ORIGINAL, PBC, PHOTO, POLIRISK, RATESKEY, READ, SPREGIONS, SRCRANK1, STFILT241, STFILT268, STFILT689, TEC, TIMECO, TIMENI, TMT, TOP, TOPBIZMKT, TTX, US, USGOV, WORLD, WWCURZ3, WWTOP, WWTOPBIZ, WWTOPZ3
672
2014-26-27
Tuesday, 27 May 2014 05:26 PM
Newsmax Inc.
 
 

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
© Newsmax Media, Inc.
All Rights Reserved